package sernet.verinice.encryption.test;

import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.RSAPrivateKeySpec;
import java.security.spec.RSAPublicKeySpec;
import java.util.Calendar;
import javax.security.auth.x500.X500Principal;
import javax.xml.bind.DatatypeConverter;
import org.apache.commons.lang.RandomStringUtils;
import org.apache.log4j.Logger;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.X509Extensions;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.x509.X509V3CertificateGenerator;
import org.junit.Assert;
import org.junit.Test;
import sernet.gs.service.FileUtil;
import sernet.verinice.encryption.impl.EncryptionService;

/* loaded from: input_file:sernet/verinice/encryption/test/CryptoTest.class */
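/**
 * Round-trip tests for {@link EncryptionService}: data encrypted with a password or with an
 * X.509 certificate must decrypt back to the original plaintext.
 *
 * <p>The key pair and self-signed certificate produced by the helpers below are throwaway test
 * material. They are written unencrypted to the temp directory and must not be reused as real
 * credentials.
 */
public class CryptoTest {
    private static final Logger LOG = Logger.getLogger(CryptoTest.class);
    private static final int MAX_PASSWORD_LENGTH = 100;
    private EncryptionService encryptionService;
    private static final String SECRET = "Lorem ipsum dolor sit amet, consectetur adipiscing elit. Donec at ligula et nibh pretium vulputate vitae quis tortor. Integer ultrices facilisis ligula a pulvinar. Etiam commodo blandit eleifend. Suspendisse malesuada ligula ut lectus fermentum, sit amet sodales elit malesuada. Etiam nec vestibulum erat. Sed eget varius risus, vel ornare nisl. Duis sem augue, volutpat at nisl ac, condimentum tincidunt erat. Integer dapibus hendrerit lacus, quis semper augue feugiat sed. ";

    /**
     * Encrypts {@link #SECRET} into a temp file through the stream API and checks that the
     * decrypting stream yields the same text.
     *
     * @throws IOException if the temp file cannot be written or read; propagated so that an I/O
     *     failure fails the test instead of being logged and reported as a pass
     */
    @Test
    public void passwordStreamBasedCryptoTest() throws IOException {
        File tempFile = File.createTempFile("veriniceCryptoTest", "pcr");
        tempFile.deleteOnExit();
        char[] password = getPassword(20);

        OutputStream encrypting = getEncryptionService().encrypt(new FileOutputStream(tempFile), password);
        try {
            encrypting.write(SECRET.getBytes());
            encrypting.flush();
        } finally {
            encrypting.close();
        }

        InputStream decrypting = getEncryptionService().decrypt(new FileInputStream(tempFile.getAbsolutePath()), password);
        try {
            StringBuilder plain = new StringBuilder();
            // Keep the int returned by read(): narrowing to byte first would turn a 0xFF data
            // byte into -1 and end the loop early.
            int next;
            while ((next = decrypting.read()) != -1) {
                plain.append((char) next);
            }
            Assert.assertEquals(SECRET, plain.toString());
        } finally {
            decrypting.close();
        }
    }

    /**
     * Runs the byte-array round trip once for every password length from 1 to
     * {@link #MAX_PASSWORD_LENGTH}.
     */
    @Test
    public void passwordByteBasedCryptoTest() {
        for (int length = 1; length <= MAX_PASSWORD_LENGTH; length++) {
            char[] password = getPassword(length);
            byte[] encrypted = getEncryptionService().encrypt(SECRET.getBytes(), password);
            String decrypted = new String(getEncryptionService().decrypt(encrypted, password));
            // JUnit order is (message, expected, actual); the failure message names the random
            // test password so a failing length can be reproduced.
            Assert.assertEquals("test fails on password(" + password.length + "):\n" + String.valueOf(password), SECRET, decrypted);
        }
    }

    /**
     * Encrypts {@link #SECRET} for a freshly generated self-signed certificate and decrypts it
     * with the matching private key, both passed to the service as PEM temp files.
     *
     * @throws GeneralSecurityException if key or certificate generation fails
     * @throws IOException if a temp file cannot be created or written
     */
    @Test
    public void certificateByteBasedCryptoTest() throws GeneralSecurityException, IOException {
        KeyPair keyPair = generateKeyPair();
        Assert.assertNotNull("Keypair is null", keyPair);

        String certPem = convertToPem(generateCertificate("CN=Test, L=Berlin, C=DE", keyPair, 365).getEncoded(), false, true);
        Assert.assertNotNull(certPem);
        File certFile = File.createTempFile("veriniceCert", "PEM");
        Assert.assertNotNull(certFile);
        certFile.deleteOnExit();
        FileUtil.writeStringToFile(certPem, certFile.getAbsolutePath());

        byte[] encrypted = getEncryptionService().encrypt(SECRET.getBytes(), certFile);

        String keyPem = convertToPem(keyPair.getPrivate().getEncoded(), true, false);
        Assert.assertNotNull(keyPem);
        File keyFile = File.createTempFile("veriniceKey", "PEM");
        Assert.assertNotNull(keyFile);
        // Register the KEY file for deletion before writing to it. The previous code registered
        // the certificate file a second time, so the unencrypted private key stayed on disk.
        keyFile.deleteOnExit();
        FileUtil.writeStringToFile(keyPem, keyFile.getAbsolutePath());

        Assert.assertEquals(SECRET, new String(getEncryptionService().decrypt(encrypted, certFile, keyFile)));
    }

    /**
     * Returns a random printable-ASCII password of the given length.
     *
     * <p>{@code RandomStringUtils} is not a cryptographically secure generator; that is fine for
     * throwaway test passwords but not for real secrets.
     */
    private char[] getPassword(int i) {
        return RandomStringUtils.randomAscii(i).toCharArray();
    }

    /** Returns the service under test, creating it on first use. */
    public EncryptionService getEncryptionService() {
        if (this.encryptionService == null) {
            this.encryptionService = new EncryptionService();
        }
        return this.encryptionService;
    }

    /**
     * Builds a self-signed X.509v3 certificate for the given key pair.
     *
     * @param str text inserted after {@code "CN="} in the issuer/subject name
     * @param keyPair key pair whose public key is certified and whose private key signs
     * @param i currently unused; the validity period is fixed at five years
     * @return the generated certificate
     * @throws GeneralSecurityException if the RSA key factory is unavailable or signing fails
     * @throws IOException declared for callers; not thrown by the visible code
     */
    X509Certificate generateCertificate(String str, KeyPair keyPair, int i) throws GeneralSecurityException, IOException {
        PublicKey publicKey = keyPair.getPublic();
        PrivateKey privateKey = keyPair.getPrivate();

        // Rebuild RSA keys from modulus and exponent through the default RSA KeyFactory. If the
        // spec is rejected, keep using the key exactly as it was generated.
        if (publicKey instanceof RSAPublicKey) {
            RSAPublicKey rsaPublic = (RSAPublicKey) publicKey;
            try {
                publicKey = KeyFactory.getInstance("RSA").generatePublic(new RSAPublicKeySpec(rsaPublic.getModulus(), rsaPublic.getPublicExponent()));
            } catch (InvalidKeySpecException e) {
                publicKey = keyPair.getPublic();
            }
        }
        if (privateKey instanceof RSAPrivateKey) {
            RSAPrivateKey rsaPrivate = (RSAPrivateKey) privateKey;
            try {
                privateKey = KeyFactory.getInstance("RSA").generatePrivate(new RSAPrivateKeySpec(rsaPrivate.getModulus(), rsaPrivate.getPrivateExponent()));
            } catch (InvalidKeySpecException e2) {
                privateKey = keyPair.getPrivate();
            }
        }

        X509V3CertificateGenerator generator = new X509V3CertificateGenerator();
        // NOTE(review): the only caller in this class passes a complete DN
        // ("CN=Test, L=Berlin, C=DE"), so this name starts with "CN=CN=Test", and there is no
        // comma between "O=None" and "L=None". Left as is because the intended subject cannot
        // be determined from this file.
        X500Principal name = new X500Principal("CN=" + str + ", OU=None, O=None L=None, C=None");
        generator.setSerialNumber(BigInteger.valueOf(System.currentTimeMillis()));
        generator.setIssuerDN(name);
        // Critical BasicConstraints with cA=true: the certificate is marked as a CA.
        generator.addExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(true));

        Calendar validity = Calendar.getInstance();
        generator.setNotBefore(validity.getTime());
        // NOTE(review): parameter i is not consulted (the caller passes 365); the certificate is
        // always valid for five years.
        validity.add(Calendar.YEAR, 5);
        generator.setNotAfter(validity.getTime());

        generator.setSubjectDN(name);
        generator.setPublicKey(publicKey);
        // SHA-256 instead of MD5: MD5 signatures are collision-prone and are rejected by current
        // certificate validators, so even test certificates should not model them.
        generator.setSignatureAlgorithm("SHA256WithRSAEncryption");
        return generator.generate(privateKey, BouncyCastleProvider.PROVIDER_NAME);
    }

    /**
     * Generates an RSA key pair with the BouncyCastle provider.
     *
     * <p>NOTE(review): nothing in this class registers the BouncyCastle provider, so it is
     * presumably installed elsewhere before the test runs - confirm.
     *
     * @throws NoSuchAlgorithmException if the provider offers no RSA generator
     * @throws NoSuchProviderException if the BouncyCastle provider is not registered
     */
    KeyPair generateKeyPair() throws NoSuchAlgorithmException, NoSuchProviderException {
        // getInstance is the static factory of java.security.KeyPairGenerator; call it on that
        // class rather than through a provider-internal subclass.
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", BouncyCastleProvider.PROVIDER_NAME);
        // 2048 bits: 1024-bit RSA is below current minimum key-size recommendations.
        keyPairGenerator.initialize(2048, new SecureRandom());
        return keyPairGenerator.generateKeyPair();
    }

    /**
     * Wraps DER bytes in a PEM-style envelope with a single unwrapped Base64 line.
     *
     * @param bArr DER-encoded certificate or private key
     * @param z {@code true} when {@code bArr} is a private key
     * @param z2 {@code true} when {@code bArr} is a certificate
     * @return the PEM text, bare Base64 when both flags are equal, or {@code null} if encoding
     *     fails
     */
    private String convertToPem(byte[] bArr, boolean z, boolean z2) {
        String header = "";
        String footer = "";
        if (z2 && !z) {
            header = "-----BEGIN CERTIFICATE-----\n";
            footer = "\n-----END CERTIFICATE-----";
        }
        if (!z2 && z) {
            header = "-----BEGIN PRIVATE KEY-----\n";
            footer = "\n-----END PRIVATE KEY-----";
        }
        try {
            return header + DatatypeConverter.printBase64Binary(bArr) + footer;
        } catch (Exception e) {
            // Best effort: callers assert on the null return.
            LOG.error("Error converting cert", e);
            return null;
        }
    }
}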
